Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43164)

Description

A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".

Remediation

References

Related Vulnerabilities

WordPress Plugin 3D Product configurator for WooCommerce Arbitrary File Upload (1.5.531)

WordPress Plugin WordPress File Upload Arbitrary File Upload (3.8.5)

Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-1967)

WordPress Plugin Brizy-Page Builder Security Bypass (2.4.44)

WordPress Plugin Nmedia WordPress Member Conversation 'doupload.php' Arbitrary File Upload (1.3)

Severity

Medium

Classification

CVE-2022-43164 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities